Fix a longstanding bug, from Otto Moerbeck:

if we're reducing a rule that has an empty right hand side and the yacc stackpointer is pointing at the very end of the allocated stack, we end up accessing the stack out of bounds by the implicit $$ = $1 action Obtained from: OpenBSD
svn path=/head/; revision=180597
2008-07-18 15:05:14 +00:00 · 2008-07-18 15:05:14 +00:00 · 068d36032a · 2020-12-20 02:59:44 +00:00
commit 068d36032a
parent 0c025af962
1 changed files with 5 additions and 1 deletions
--- a/usr.bin/yacc/skeleton.c
+++ b/usr.bin/yacc/skeleton.c
@ -60,6 +60,7 @@ __FBSDID("$FreeBSD$");
 const char *banner[] =
 {
    "#include <stdlib.h>",
+    "#include <string.h>",
    "#ifndef lint",
    "#ifdef __unused",
    "__unused",
@ -331,7 +332,10 @@ const char *body[] =
    "                YYPREFIX, yystate, yyn, yyrule[yyn]);",
    "#endif",
    "    yym = yylen[yyn];",
-    "    yyval = yyvsp[1-yym];",
+    "    if (yym)",
+    "        yyval = yyvsp[1-yym];",
+    "    else",
+    "    memset(&yyval, 0, sizeof yyval);",
    "    switch (yyn)",
    "    {",
    0